ThinkPHP Multiple Parameter RCE

High Nessus Plugin ID 121621

Synopsis

The remote web server hosts a web application that allows an unauthenticated attacker to execute arbitrary PHP code, including writing arbitrary PHP files to the web root.

Description

The version of ThinkPHP hosted on the remote web server does not sufficiently validate the controller name taken from the request, so an unauthenticated, remote attacker can execute arbitrary PHP code by supplying crafted values in several request parameters (the route parameter together with the function/filter parameters shown in the referenced Exploit-DB entry).
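As an added example, not code from the Nessus plugin or the ThinkPHP project, the following Python script flags the request shapes used by the public ThinkPHP 5 PoCs (the referenced Exploit-DB entry and CVE-2018-20062 write-ups) in web-server access logs. The log lines are constructed, and the marker list is an assumption drawn from those PoCs rather than from the plugin itself:

```python
"""
Flag ThinkPHP 5 route-injection attempts (the CVE-2018-20062 family) in
web-server access logs. Hypothetical helper, not part of the Nessus plugin.
"""
import json
import re
from urllib.parse import unquote_plus

# Apache/nginx "combined" format; only the fields the check needs are named.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Markers taken from the public ThinkPHP 5 PoCs (Exploit-DB 45978 and the
# CVE-2018-20062 write-ups). A backslash inside the controller segment of the
# "s" route parameter makes ThinkPHP use it as a fully qualified class name,
# so "think\app" or "\think\Request" reaches framework internals directly;
# the remaining parameters select the method and arguments of the reflective
# call. Apache writes a literal backslash as "\\", so one or two are accepted.
MARKERS = {
    "namespaced_route": re.compile(r"\\{0,2}think\\{1,2}", re.I),
    "invokefunction": re.compile(r"invokefunction", re.I),
    "call_user_func_array": re.compile(r"call_user_func_array", re.I),
    "filter_param": re.compile(r"(?:^|[?&])filter=", re.I),
    "method_construct": re.compile(r"(?:^|[?&])method=__construct", re.I),
}


def decode_target(target):
    """Percent-decode the request target twice so %5C and %255C both become a backslash."""
    return unquote_plus(unquote_plus(target))


def inspect_target(target):
    """Return the marker names matched by one request target, or [] if benign.

    A bare "filter=" is common in legitimate traffic, so a hit is only
    reported when the route segment itself names a framework class.
    """
    decoded = decode_target(target)
    hits = [name for name, rx in MARKERS.items() if rx.search(decoded)]
    if "namespaced_route" not in hits:
        return []
    return hits


def scan_log(lines):
    """Parse access-log lines and return one finding per suspicious request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line; skip it
        hits = inspect_target(m["target"])
        if hits:
            findings.append({
                "ip": m["ip"],
                "time": m["ts"],
                "status": int(m["status"]),
                "target": decode_target(m["target"]),
                "indicators": hits,
            })
    return findings


# Constructed sample lines (not real traffic): two probes modelled on the
# public PoC payloads, one normal ThinkPHP route, one unrelated "filter=" use.
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Feb/2019:10:11:12 +0000] "GET /index.php?s=index/\\think\\app/invokefunction'
    '&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 HTTP/1.1" 200 48213 "-" "curl/7.58.0"',
    '203.0.113.5 - - [06/Feb/2019:10:11:13 +0000] "GET /index.php?s=index/%5Cthink%5CRequest/input'
    '&filter=phpinfo&data=1 HTTP/1.1" 200 48150 "-" "curl/7.58.0"',
    '198.51.100.7 - - [06/Feb/2019:10:12:00 +0000] "GET /index.php?s=index/user/login HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [06/Feb/2019:10:13:00 +0000] "GET /search?filter=price&data=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    # A 200 on the probe only shows the framework answered the injected route;
    # confirm with the response body before treating it as a successful RCE.
    print(json.dumps(scan_log(SAMPLE_LOG), indent=2))
```

The check keys on the backslash-qualified class name in the route segment rather than on `filter=` or `function=` alone, because those parameter names appear in ordinary application traffic; the double percent-decode catches the `%255C` double-encoding that some scanners use to slip past naive string matching.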

Solution

Upgrade ThinkPHP to a non-affected version (the vendor fixed the route handling in 5.0.23 and 5.1.31) or apply the vendor patch. After updating, confirm that a request naming a framework class in the route parameter is rejected rather than executed.

See Also

https://www.exploit-db.com/exploits/45978

Plugin Details

Severity: High

ID: 121621

File Name: thinkphp_rce.nbin

Version: 1.12

Type: remote

Family: CGI abuses

Published: 2019/02/06

Updated: 2019/07/16

Risk Information

Risk Factor: High

CVSS Score Source: CVE-2018-20062

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Patch Publication Date: 2018/11/12

Vulnerability Publication Date: 2018/11/12

Reference Information

CVE: CVE-2018-20062